{"vulnerability": "CVE-2026-5760", "sightings": [{"uuid": "1c2e45b9-d365-4cdc-810e-a86239dd5364", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "published-proof-of-concept", "source": "https://t.me/thehackernews/8834", "content": "\u26a0\ufe0f SGLang has a critical flaw enabling remote code execution (CVSS 9.8) via malicious GGUF model files.\n\nA crafted Jinja2 template runs when /v1/rerank is triggered, executing attacker code on the server.\n\n\ud83d\udd17 How GGUF templates become an RCE path \u2192 https://thehackernews.com/2026/04/sglang-cve-2026-5760-cvss-98-enables.html", "creation_timestamp": "2026-04-20T17:20:02.000000Z"}, {"uuid": "efdb6e67-f65f-4cd4-ad37-79cd8561cd3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "seen", "source": "https://t.me/TengkorakCyberCrewzz/39752", "content": "SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files \u2013 thehackernews.com\n\nTue, 21 Apr 2026 01:14:00", "creation_timestamp": "2026-04-20T20:04:13.000000Z"}, {"uuid": "bdc85573-f1be-4813-9191-81100d2b2d5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "published-proof-of-concept", "source": "https://t.me/TengkorakCyberCrewzz/9848", "content": "SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files \u2013 thehackernews.com\n\nTue, 21 Apr 2026 01:14:00", "creation_timestamp": "2026-04-20T20:04:13.000000Z"}, {"uuid": "1acc029b-7101-4576-8b62-01a66529ba61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "seen", "source": "https://t.me/ctinow/249056", "content": "SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files\nhttps://ift.tt/Hw4Xdgr", "creation_timestamp": "2026-04-20T18:44:42.000000Z"}, {"uuid": "5a0a4d70-7670-4543-8a65-95e4de551561", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "seen", "source": "https://t.me/cibsecurity/89064", "content": "\ud83d\udd8b\ufe0f SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files \ud83d\udd8b\ufe0f\n\nA critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE20265760, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of command injection leading to the execution of arbitrary code. SGLang is a highperformance, opensource serving.\n\n\ud83d\udcd6 Read more.\n\n\ud83d\udd17 Via \"The Hacker News\"\n\n----------\n\ud83d\udc41\ufe0f Seen on @cibsecurity", "creation_timestamp": "2026-04-20T22:27:37.000000Z"}, {"uuid": "05dda17e-50fd-48f0-9913-dd035ab7740a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-5760", "type": "published-proof-of-concept", "source": "https://github.com/Stuub/SGLang-0.5.9-RCE", "content": "", "creation_timestamp": "2026-04-02T04:00:00.000000Z"}, {"uuid": "95097154-4a65-4b77-ab18-19eb9c5361c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "published-proof-of-concept", "source": "Telegram/7uvNKIkKUjmk2sMVfR5LVifrbyQORs8bQP9lip1EoQrHag", "content": "", "creation_timestamp": "2026-04-21T02:13:45.000000Z"}, {"uuid": "ae875604-377e-4167-949f-97db836f1e7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "seen", "source": "https://bsky.app/profile/akoaxan.iamveryti.red.ap.brid.gy/post/3mjysmm2kysx2", "content": "", "creation_timestamp": "2026-04-21T10:47:48.821083Z"}, {"uuid": "375f7fb1-efb2-4a7d-bc4e-204cc6e3ecd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "seen", "source": "https://bsky.app/profile/ninjaowl.ai/post/3mk26sce5ay2t", "content": "", "creation_timestamp": "2026-04-21T23:58:20.978246Z"}, {"uuid": "4c88703d-6ed8-4aa2-9bcc-4a46c37c92d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mjwt3o4mq52n", "content": "", "creation_timestamp": "2026-04-20T15:50:50.531853Z"}, {"uuid": "cddef8e6-9166-4378-bf9f-05de4a74f040", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mjx5dx2ppf2u", "content": "", "creation_timestamp": "2026-04-20T18:54:26.482195Z"}, {"uuid": "13862167-d71a-42a5-87e3-39a4f3e675b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "seen", "source": "https://thehackernews.com/2026/04/sglang-cve-2026-5760-cvss-98-enables.html", "content": "", "creation_timestamp": "2026-04-20T15:14:00.000000Z"}, {"uuid": "26293eda-f0d3-43d9-a02d-3d8445f96db3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "seen", "source": "https://bsky.app/profile/bitnewsbot.bsky.social/post/3mjxcfsxopd26", "content": "", "creation_timestamp": "2026-04-20T20:24:58.520465Z"}, {"uuid": "8b9fb15f-e246-4b35-a396-12111b716480", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "seen", "source": "https://bsky.app/profile/cybersecurity0001.bsky.social/post/3mjxffrc54l2k", "content": "", "creation_timestamp": "2026-04-20T21:18:37.579722Z"}, {"uuid": "757be786-a38d-451a-8cd6-bee59007cbf5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mjxgmmlyqh2a", "content": "", "creation_timestamp": "2026-04-20T21:40:21.138389Z"}, {"uuid": "4006285e-334d-4f5b-9694-6363a2133351", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3mjxri75wo52q", "content": "", "creation_timestamp": "2026-04-21T00:54:52.680222Z"}, {"uuid": "cdb09943-7ae7-44d4-a7ab-1324b62e5b33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "seen", "source": "https://bsky.app/profile/LLMs.activitypub.awakari.com.ap.brid.gy/post/3mjxsqbtovkw2", "content": "", "creation_timestamp": "2026-04-21T01:17:12.542892Z"}, {"uuid": "9678e11b-ab90-4d4b-baab-93a98cd0c31f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mjy4p2t7ya2s", "content": "", "creation_timestamp": "2026-04-21T04:15:25.643226Z"}, {"uuid": "72a76c82-d741-4f82-b249-8f18d3c3a8aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.info.ve/post/3mk3px7gnbc2u", "content": "", "creation_timestamp": "2026-04-22T14:38:04.228180Z"}, {"uuid": "54678fef-4375-4e30-b9b6-a5fe66d05c1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.info.ve/post/3mk445qhs4c2d", "content": "", "creation_timestamp": "2026-04-22T18:16:27.430260Z"}, {"uuid": "8881dd73-2109-4514-a4ee-364b67f0f7a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "seen", "source": "https://bsky.app/profile/technoholic.bsky.social/post/3mk4no57mph2c", "content": "", "creation_timestamp": "2026-04-22T23:29:46.269756Z"}, {"uuid": "3513316e-b716-4535-8b3f-2570052a7ad7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.info.ve/post/3mk5rphiics24", "content": "", "creation_timestamp": "2026-04-23T10:14:49.526674Z"}, {"uuid": "04601ad8-df23-4b4d-b0cb-afd7fdcc2a92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mkevw7ecak2s", "content": "", "creation_timestamp": "2026-04-26T06:18:47.870964Z"}, {"uuid": "d951a7d1-365a-4fae-8895-e8a7f25c7f58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "published-proof-of-concept", "source": "Telegram/U2O1eQ5mSIep6JMLEua9jzcZY1kR08e_uIgBvSnnSFh4ng", "content": "", "creation_timestamp": "2026-04-21T00:44:02.000000Z"}, {"uuid": "3c8f2985-584d-42cc-9c2d-e4150abbfe00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "seen", "source": "Telegram/hFxIO41xlFzh2jQkUD7ke9A61oBvDNutGhkEmwpRW_mhNxw", "content": "", "creation_timestamp": "2026-04-20T17:21:32.000000Z"}, {"uuid": "798b1738-d2d8-4813-a036-c70a2e29b424", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.com/post/3mmidr6bd3227", "content": "\u26a0\ufe0f Manual T\u00e9cnico: Reparaci\u00f3n del CVE-2026-5760 en el Framework de IA #SGLang www.newstecnicas.com/2026/04/manu...", "creation_timestamp": "2026-05-23T01:54:53.638371Z"}, {"uuid": "b27d32ba-e086-473f-a19e-3efd0a16a1f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5760", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.info.ve/post/3mlcjmcdaik2j", "content": "\u26a0\ufe0f Manual T\u00e9cnico: Reparaci\u00f3n del CVE-2026-5760 en el Framework de IA SGLang www.newstecnicas.com/2026/04/manu...", "creation_timestamp": "2026-05-08T00:58:28.409937Z"}]}